[Samba] Element not found error

Rowland Penny rowlandpenny at googlemail.com
Thu Sep 25 11:20:48 MDT 2014


On 25/09/14 17:58, Brian C. Huffman wrote:
>
> On 09/23/2014 02:47 PM, Marc Muehlfeld wrote:
>> On 23.09.2014 at 20:02, Brian C. Huffman wrote:
>>> I was finally able to get this to work, but I had to do the following
>>> (which is not on the main file shares wiki page):
>>>
>>> After making the directory on the Samba member server, I did the
>>> following (from the profiles wiki page):
>>> chmod 1770 /share
>>> chgrp "Domain Users" /share
>>>
>>> Then I'm able to add "Domain Admins" group with full control in Windows
>>> computer management and from there I'm good.
>>>
>>> Should this be added to the wiki?  Or maybe this is a side effect of
>>> something else I did wrong?
>> Normally this shouldn't be necessary.
>>
>> - Which account did you use to add the ACL?
> An account I created that is a member of Domain Admins
>> - Is this account mapped in the backend (e. g. to root)?
> umm.   Maybe this is the problem?  I don't think I have this.  I did 
> try at one point to add an smbusers file with the following line, but 
> it didn't seem to help:
> root = administrator admin
>> - Can you show me your smb.conf (global and the share config)
> [global]
>    netbios name = samba02
>    workgroup = ETI
>    realm = XMEN.ETI
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template homedir = /home/%U
>    template shell = /bin/bash
>    winbind use default domain = true
>    winbind offline logon = false
>    winbind enum users  = yes
>    winbind enum groups = yes
>    encrypt passwords = yes
>

Hi, with the above, Samba has nowhere to map the users to. If you don't
want to use the 'ad' backend, then you need to use the rid backend:

idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config ETI:backend = rid
idmap config ETI:range = 500-40000

Change the numbers to match your requirements.

> # Added for ACL Support
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
> [etifiles]
>    path = /samba/etifiles
>    read only = no
>
> I'll admit I'm not too sure about the idmap config.  I'm looking for
> the simplest configuration that will work.  The wiki for setting up a
> member server suggests some different idmap config options, but it
> references schema mode rfc2307 and I don't think I have that.
>

If you are using samba4 as the AD DC, then you do have rfc2307, but you
will need to give your users a uidNumber and your groups a gidNumber.
Information about this is available on the samba wiki and elsewhere on
the internet.

Rowland

> Thanks,
> Brian
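
Added example, not part of the original message and not Samba code: a small Python check that reads smb.conf text and reports a domain with no idmap backend or range, and idmap ranges that overlap (which Samba's idmap ranges must not do). The function name check_idmap and the two sample strings are assumptions made for this illustration; the samples are trimmed from the configuration in this thread.

```python
import re

IDMAP = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)
WORKGROUP = re.compile(r"^\s*workgroup\s*=\s*(\S+)", re.I)
RANGE = re.compile(r"^(\d+)\s*-\s*(\d+)$")
# Sample data trimmed from the thread: [global] as posted, then with the reply's idmap lines.
POSTED = """[global]
   workgroup = ETI
   idmap config * : range = 16777216-33554431
"""
SUGGESTED = """[global]
   workgroup = ETI
   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config ETI:backend = rid
   idmap config ETI:range = 500-40000
"""


def check_idmap(conf_text):
    """Return findings (strings) about the idmap settings in smb.conf text."""
    opts, workgroup = {}, None
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        if m := WORKGROUP.match(line):
            workgroup = m.group(1).upper()
        elif m := IDMAP.match(line):
            opts.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    findings, ranges = [], []
    # Check every domain that has idmap options, plus the workgroup itself.
    for dom in sorted(set(opts) | ({workgroup} if workgroup else set())):
        cfg = opts.get(dom, {})
        if "backend" not in cfg:
            findings.append(f"{dom}: no idmap backend set")
        m = RANGE.match(cfg.get("range", ""))
        if not m or int(m[1]) > int(m[2]):
            findings.append(f"{dom}: no valid idmap range set")
        else:
            ranges.append((int(m[1]), int(m[2]), dom))
    prev_hi, prev_dom = -1, None
    for lo, hi, dom in sorted(ranges):  # sweep by low bound, track highest end seen
        if lo <= prev_hi:
            findings.append(f"{prev_dom} and {dom}: idmap ranges overlap")
        if hi > prev_hi:
            prev_hi, prev_dom = hi, dom
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, check_idmap(conf) or "ok")
```
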


